The malware is on 199.115.229.55/showthread.php?t=977334ca118fcb8c (report here) hosted by Volumedrive in the US, which subsequently tries to download further malware from electrosa.com/8zvW2XE.exe (a site that has been used a lot in recent days). That domain and IP are worth blocking.